Updated fence-agents packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
Red Hat fence-agents are a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.
- Previously, the fence agents documentation did not mention how to use the fence_ipmilan agent for fence device HP iLO 3. This update adds this information to the fence_ipmilan(8) manual page.
- Previously, the fence agent fence_cisco_ucs did not respect the "delay" attribute. This bug has now been fixed and fence_cisco_ucs waits the appropriate amount of time, as expected.
- Previously, the fence agent fence_cisco_ucs did not use a proper timeout during the login process, which could have an impact on a successful login. With this update, this timeout is set properly and can be customized by users through the standard configuration methods.
- Previously, the fence agent fence_cisco_ucs failed with a traceback error when the hostname could not be resolved to an IP address. With this update, fence_cisco_ucs exits with an appropriate error message.
- Previously, the fence agent fence_scsi did not provide the correct metadata for the pacemaker "unfence" operation. With this update, an "unfence" operation can be run only on local node.
- BZ#912773, BZ#994186
- Previously, the fence agent fence_scsi did not respect the "delay" attribute. This bug has been fixed and fence_scsi now waits the appropriate amount of time. As a result, nodes in a 2-node cluster can no longer fence each other.
- Previously, when using the fence_bladecenter agent with the "--ssh" option, the fence agent required also the "--password" or "--identity-file" options. However, this behavior was not documented. As a consequence, when using fence_bladecenter with the "--ssh" option only, fence_bladecenter failed with an error message which was too generic. This bug has been fixed and a more specific error message is now displayed if fence_bladecenter fails to connect.
- Previously, the fence_scsi(8) manual page did not mention the "unfence" operation which is required for fence_scsi to properly function in a cluster environment. With this update, a comment with information about "unfence" in cluster environment has been added to the fence_scsi(8) manual page.
- Previously, when fencing a Red Hat Enterprise Linux cluster node with the fence_soap_vmware fence agent, the agent terminated unexpectedly with a traceback if it was not possible to resolve a hostname of an IP address. With this update, a proper error message is displayed in the described scenario.
- Due to incorrect detection on newline characters during an SSH connection, the fence_drac5 agent could terminate the connection with a traceback when fencing a Red Hat Enterprise Linux cluster node. Only the first fencing action completed successfully but the status of the node was not checked correctly. Consequently, the fence agent failed to report successful fencing. When the "reboot" operation was called, the node was only powered off. With this update, the newline characters are correctly detected and the fencing works as expected.
- Previously, the description of the fence_ipmilan "lanplus" option in the fence_ipmilan(8) manual page was incomplete. This update improves the description of the "lanplus" option and includes information on its impact on security.
- Previously, an insecure temporary directory was used by the VMware fence agent, which could be used by a local attacker to overwrite an arbitrary local file by the victim running fence agent. This update removes a dependency on the python-suds library, which is vulnerable to a symbolic link attack (CVE-2013-2217), and the VMware fence agent now uses mkdtemp to create a unique temporary directory.
- Previously, users of the HP Integrated Lights-Out (iLO) 4 fence device had to use the fence_ipmilan fence agent. This update adds support for the iLO fence device to the fence-agents packages.
- This update adds support for the firmware for APC power switches, version 5. This update also adds changes to the fence agent command line interface.
Users of fence-agents are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.